Hybrid View

[SOLVED] Firefox 3 + Zimbra 5 - TLS Interop issue

Disclaimer: Yeah, yeah, I know FF3 is still in beta. I'm posting this for the public good.

Firefox 3 users may have already noticed a 20-30 second delay when connecting to Zimbra via https, both to the zimbra and ZimbraAdmin services.

From what I've found, Firefox 3 is sending a TLS Client Hello message, but the server (Jetty) never responds with a TLS Server Hello message. After about 20-30 seconds, Firefox3 gives up and drops back to SSLv3. SSLv3 works as normal.

I haven't noticed any TLS issues like this between FF3 and Apache or Tomcat. Other browsers are using TLS to Jetty just fine. My assumption is that there must be something funny that FF3 is sending in the TLS Client Hello message that Jetty doesn't like.

Any pointers on how to debug this further to provide a usable bug report to the faulting party?

Packet capture from ethereal.
Notice the time jump between packets 5 and 6, with no TLS Server Hello message. At packet 10, SSLv3 initiates just fine.

No b/c Firefox 3 is still in too much flux imho. It worked fine during all the other alpha and beta releases. This is the first one that it hasn't. I would wait until the RC hit's. Even this beta5 included a new JS engine.

That and I am not sure it is Zimbra's/Jetty's fault. At least wait until beta 6 comes out